block spam

A few months ago WordPress and WordPress MU merged with the release of the Wordpres 3 series. This was awesome if you ran multisites as now the code bases were a single branch. Unfortunately, the problem with spambots creating blogs to simply load links back to their spam sites didn’t get any better. If anything, it’s gotten worse and the problem isn’t just limited to multisite installations, single site WordPress installs are just as prone to comment spam and/or bogus users being created. A new WordPress installation can expect to be attacked by bots within days of going live and if you have an open comment or registration process, your going to be spending a lot of time weeding out bogus blogs and comments.

A year ago I released a plugin I’d been tinkering with called WPMU Block Spam By Math. It’s was based on the simple, yet highly effective plugin Block Spam By Math created by Alexander Grau. The WPMU version solely addressed the need in WPMU to try and control spam blog creation. While nothing is 100% both plugins together provided some pretty nice protection. Since the release of WordPress 3 and the ever increasing use of Buddypress, I decided to combine both plugins, updated for the current code bases with a few enhancements built in. The result is Block Spam By Math Reloaded.

It’s still a simple plugin based on an even simpler concept but it’s proven to be highly effective at what it does. By simply adding a math question to the workflow processes (something like “what is 5+2”) you can dramatically reduce the amount of spam you have to deal with. In fact, I rarely get comment spam and if it does get by (usually because someone actually posted the spam not a bot) Akismet nabs it. I’ve been running this plugin on my other site Reality Wired for several weeks and it’s been (in my opinion) 100% effective. Another advantage is you don’t have to worry about GD2, Imagemagic or other graphics library issues when using the random image generators. Block Spam By Math Reloaded just works.

Go to wp-admin/settings/block-spam-by-math-reloaded and set your options.

That’s all there is to it. You should now start to see a dramatic reduction in the amount spam blogs and comment spam. NOTE: This does not protect against those spammers who take the time to manually create spam blogs on your site. For those I still recommend barbed wire and toothpicks under the fingernails.

Buddypress Users
If you are using Buddypress, the plugin has been tested against the latest version 1.2.7 using the default Buddypress theme. I’m fairly certain it won’t work with any version prior to 1.2.7 due to a missing hook. If you don’t have the latest version of Buddypress I recommend you look into updating anyway.

FAQ

Does this plugin work with the original Block Spam By Math plugin?

No, this plugin uses some of the same functions and function names and will most likely cause you problems if you try and run them together.

Does this plugin work with the regular WPMU Block Spam By Math plugin?

No, this plugin uses some of the same functions and function names and will most likely cause you problems if you try and run them together.

Does this plugin work on WordPress versions prior to the 3.x series?

Not sure, although it won’t run on anything older than 2.7 for sure.

Can I change the math questions?

Yes, just edit the two rand functions in the plugin file to generate whatever type of numbers you want.

Future Updates
I’ve got a few more things I want to add to this plugin, mostly convenience things that have annoyed me with the previous ones. I hope to have them included in a few weeks. If you have a suggestion please leave a comment with your ideas.

Support
I’ll do my best to support any issues that crop up with the plugin. If you run into an issue, either shoot us a note via the contact page or simply leave a comment below.

If you like this plugin and want to support me, leave a comment or check out my donations and support page!

Version 2.0 Update
Version 2.0 of this plugin has been released. It includes a number of changes to base code, bringing it more inline with current WordPress standards.
* Added a number of enhancements that allow for field validation.
* Added the option to add the security form to the stand alone WordPress user registration form.
* Added customization for almost every available object
* Added the ability to change when the security form appears on the comment form (see the note below).

The biggest piece of this was adding the ability to change where the security form appears on the comments form. The issue with this was there is no default WordPress hook for this location and not all templates integrate the necessary part of the form into the template code making a manual edit of a template not very feasible. What I chose to do was provide 3 options that I believe will cover most cases.

The default option is to use the default hook location. In most cases this places the security form below the comments submit button.

The second option is the ability to use a predefined hook location. This won’t exist in most templates but several of the frameworks are starting to use it. Thesis Theme for example uses it’s own comment code and adds a hook for us. Therefore we are able to make use of that hook to relocate the form above the submit button rather easily.

The third option will be the most difficult for some to grasp. This involves a manual edit to a core WordPress file. This means that everytime an upgrade is performed this edit will have to be readded. Instructions are included on the plugins options screen.

Maybe in the future WordPress will add additional hooks or alter the whole comments system to make the comment form use a template thus allow for easier manual placement. Until then, a little pain was necessary to make this happen.

Version 2.1 Update
After a few quick releases to fix some minor issues, I’ve pushed version 2.1 to the repository. No functional changes have been made, most are all cosmetic but I think it makes the admin options page a little less cluttered.
The two biggest things I’ve added aside from the cosmetic are:

A help link for registering the plugin that should fix the issues some of you have emailed me about.

An Uninstall option that will clear all plugin settings from the database. When you deactivate the plugin the settings are still there, but if you want to completely remove it or just revert to default settings this is the quickest way. The plugin is automatically deactivated as part of the uninstall.

I think I’m fairly happy with this release and I think you guys will like it better. As always, leave a comment with any bugs or feature requests you have or drop us a note via the contact form.

If you run a WordPress MU installation then you’re more than aware of the growing problem with spambots out there creating blogs to simple load links back to their spam sites. New WPMU installations can expect to be found and attacked within a few days of going live and if you have an open registration process, well, be ready to spend a lot of time weeding out the spam blogs.

My WPMU site Stampin Corner started getting hit the day it went live and I’d see between 5 an 15 new spam blogs created every day. After searching around and trying several solutions intended to stop the bots, and getting frustrated none of them really worked, I decided to just modify an existing plugin that I use on my regular WordPress installations.

It’s a simple plugin really but I find it to be highly effective at what it does. By simply adding math question to workflow (something like “what is 5+2 ?”). I won’t say it’s 100% effective but after adding this plugin to Stampin Corner two weeks ago, I’ve not had a single spam blog created (knock on wood).

Installation is simple:

NOTE: As of version 1.2 of this plugin you must have Buddypress 1.2.3 installed. For prior versions of BP you will need an older version of the plugin.

That’s all there is to it. You should now start seeing a dramatic reduction in the amount of spam blogs you see created. NOTE: This does not protect against those spammer who take the time to manually create spam blogs on your site. For those I recommend barbed wire and toothpicks under the fingernails.

BuddyPress Users
If you are using BuddyPress this plugin should still work fine unless you are using the default BuddyPress theme. If you want this plugin to work with the ‘bp-default’ theme you need to make a manual edit to create a new hook location. The process is very simple.

I completely skipped 1.2.2 but since it was reported the plugin wasn’t working correctly on that version I’m going to assume the problem was the same. If you are on 1.2.2 and still have problems upgrade to at least 1.2.3.

It appears BP is now able to bundle their default theme within the plugin directory and in doing so added a new hook which I had to manually add in previous versions. This update applies to an unaltered install of BP 1.2.3, if you have the older BP default theme in your wp-content/themes directory you should be able to delete it then activate the new default theme which resides in wp-content/plugins/buddypress/bp-themes/bp-default. (NOTE: This plugin will no longer work properly using the older default theme if you’ve upgraded BuddyPress).

There are NO manual edits for this version of BP just be sure you have downloaded and installed version 1.2 of the WPMU-Block-Spam-By-Math plugin. It should as simple as auto updating Buddypress and updating WPMU-Block-Spam-By-Math to the latest version (download from Codex or use link above) then switching your theme to the new Buddypress default theme.

FAQ

Does this plugin work with the regular Block spam By Math plugin?
Yes, you can run both. I use the regular WordPress plugin on my WPMU site as well to allow individual site owners the option to add the protection at the blog level.

Does this plugin work on regular WordPress?
No. This is only targeting the WPMU new blog signup and new user signup functions. If you need WP registration, login and comment protection I recommend you get the Block Spam By Math plugin.

Change I change the math questions?
Yes, just edit the two rand functions in the plugin file to generate whatever type of numbers you want.

Does this plugin work with BuddyPress?
Yes. See the Buddypress note above under installation. You have to perform a manual edit in order for it to work with the default Buddypress theme.

Support
If you like this plugin and want to support me, leave a comment or check out my donations and support page!